Add certificate error handling to devtools.

content/browser/ssl/ssl_manager.cc

Index: content/browser/ssl/ssl_manager.cc
diff --git a/content/browser/ssl/ssl_manager.cc b/content/browser/ssl/ssl_manager.cc
index df2e7575b49da85f0455e6e880cc5e0f01d02318..16052414ede2c1d6e1afb1f8184d3a9c56ab78c3 100644
--- a/content/browser/ssl/ssl_manager.cc
+++ b/content/browser/ssl/ssl_manager.cc
@@ -11,6 +11,8 @@
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/supports_user_data.h"
+#include "content/browser/devtools/devtools_agent_host_impl.h"
+#include "content/browser/devtools/protocol/security_handler.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
 #include "content/browser/loader/resource_dispatcher_host_impl.h"
 #include "content/browser/loader/resource_request_info_impl.h"
@@ -20,6 +22,7 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/certificate_request_result_type.h"
 #include "content/public/browser/content_browser_client.h"
+#include "content/public/browser/devtools_agent_host.h"
 #include "content/public/browser/navigation_details.h"
 #include "content/public/browser/ssl_host_state_delegate.h"
 #include "net/url_request/url_request.h"
@@ -356,11 +359,22 @@ void SSLManager::OnCertErrorInternal(std::unique_ptr<SSLErrorHandler> handler,
   const net::SSLInfo& ssl_info = handler->ssl_info();
   const GURL& request_url = handler->request_url();
   ResourceType resource_type = handler->resource_type();
-  GetContentClient()->browser()->AllowCertificateError(
-      web_contents, cert_error, ssl_info, request_url, resource_type,
-      overridable, strict_enforcement, expired_previous_decision,
+
+  base::Callback<void(content::CertificateRequestResultType)> callback =
       base::Bind(&OnAllowCertificate, base::Owned(handler.release()),
-                 ssl_host_state_delegate_));
+                 ssl_host_state_delegate_);
+

[estark, 2017/02/28 23:34:03]

Note that this code won't fire for all cases of certificate errors; for example,
if the SSLHostStateDelegate::QueryPolicy call in SSLManager::OnCertError decides
that the error should be allowed, we won't reach this point.

It sounds like that it probably okay for your use case, but might be worth
documenting somewhere.

[irisu, 2017/03/06 11:56:49]

Done.

+  DevToolsAgentHostImpl* agent_host = static_cast<DevToolsAgentHostImpl*>(
+      DevToolsAgentHost::GetOrCreateFor(web_contents).get());
+  protocol::SecurityHandler* security_handler =
+      protocol::SecurityHandler::FromAgentHost(agent_host);
+  if (!security_handler ||
+      !security_handler->NotifyCertificateError(cert_error, request_url,

[estark, 2017/02/28 23:34:04]

As I mentioned elsewhere, I think it would be better if this did not fire for
subresources but only for top-level navigations.

[irisu, 2017/03/06 11:56:49]

Done.

+                                                callback)) {
+    GetContentClient()->browser()->AllowCertificateError(
+        web_contents, cert_error, ssl_info, request_url, resource_type,
+        overridable, strict_enforcement, expired_previous_decision, callback);
+  }
 }
 
 void SSLManager::UpdateEntry(NavigationEntryImpl* entry,